Compliance & Cybersecurity Resources

Expert guides to help you navigate the regulatory landscape — free readiness assessments, compliance checklists, and deep-dive framework guides.

NIS2 Directive

NIS2 Readiness Assessment Guide 2026

The NIS2 Directive expands EU cybersecurity obligations to thousands of new entities. Learn the 5 key domains, Article 21 requirements, and how to assess your readiness before your national regulator comes knocking.

DORA — EU Reg 2022/2554

DORA Compliance Checklist 2026

DORA applies to all EU financial entities from January 2025. This checklist covers ICT risk management, incident reporting, TLPT testing, and third-party concentration risk — the four areas where firms most commonly fail.

CMMC 2.0

CMMC 2.0 Assessment Guide 2026

Department of Defense contractors must achieve CMMC Level 2 certification to bid on covered contracts. This guide walks through the 110 NIST SP 800-171 practices, common assessment failures, and how to prepare for your C3PAO audit.

ISO/IEC 27001:2022

ISO 27001 Gap Analysis: Free Tool & Guide

ISO 27001:2022 restructured the Annex A controls from 114 to 93, adding 11 new controls around threat intelligence, cloud security, and data masking. Find out where your organization stands with our free gap analysis tool.

HIPAA — Security Rule

HIPAA Security Risk Assessment Checklist

The HIPAA Security Rule requires covered entities and business associates to conduct a thorough risk assessment. This checklist covers all 18 security standards across Administrative, Physical, and Technical safeguards.

POPIA — South Africa

POPIA Compliance Guide: South Africa 2026

South Africa’s Protection of Personal Information Act is fully enforced, with the Information Regulator actively investigating and fining non-compliant organizations. This guide covers the 8 conditions for lawful processing and your compliance roadmap.

NDPR — Nigeria

NDPR Compliance Guide: Nigeria 2026

Nigeria’s Data Protection Regulation, enforced by NITDA, applies to any organization processing the personal data of Nigerian residents. This guide covers registration requirements, lawful basis, data subject rights, and audit obligations.

Trust Services Criteria

SOC 2 Type II Compliance Guide 2026

SOC 2 Type II certification is increasingly required by enterprise buyers before onboarding SaaS and cloud vendors. This guide covers the five Trust Services Criteria, the audit timeline, common control gaps, and how tabletop exercises map directly to the Availability and Security criteria.

EU Data Protection

GDPR Compliance Guide 2026

The EU General Data Protection Regulation remains the world’s most stringent data privacy law, with fines reaching €20M or 4% of global annual turnover. This guide walks through the six lawful bases, Article 32 security obligations, breach notification timelines, and the DPA audit process.

Payment Card Security

PCI DSS v4.0 Compliance Guide 2026

PCI DSS v4.0 became mandatory in March 2025, introducing 64 new requirements including customized implementation, multi-factor authentication expansions, and phishing-resistant controls. This guide covers all 12 requirements, SAQ selection, QSA audit preparation, and the most common Requirement 6 and 8 failures.

Electric Grid Cybersecurity

NERC CIP Compliance Guide 2026

NERC CIP standards protect Bulk Electric System cyber assets from attack and manipulation. This guide covers CIP-002 through CIP-014, asset categorization (High/Medium/Low BES), the supply chain risk management requirements under CIP-013, and how tabletop exercises satisfy the CIP-008 incident response testing mandate.

Pipeline / Aviation / Rail

TSA Cybersecurity Directives Guide 2026

TSA cybersecurity directives for pipeline, aviation, and rail sectors mandate network segmentation, access control, continuous monitoring, and annual cybersecurity incident response plan testing. This guide covers the directive series, CISA reporting requirements, and how to structure your annual tabletop exercise to satisfy the testing mandate.

Cybersecurity Framework

NIST CSF 2.0 Implementation Guide 2026

NIST CSF 2.0 introduced a sixth Function — Govern — and expanded applicability beyond critical infrastructure to all organizations. This guide covers the six Functions (Govern, Identify, Protect, Detect, Respond, Recover), Organizational Profiles, Tiers, and how to use CSF 2.0 as a common language with your board and cyber insurers.

Industrial Control Systems

IEC 62443 OT/ICS Security Guide 2026

IEC 62443 is the leading international standard for OT and ICS cybersecurity, covering asset owners, system integrators, and component manufacturers across all industrial sectors. This guide explains the four-part series, Security Levels 1–4, Zone and Conduit modelling, and how to use IEC 62443-2-1 to build your OT security management system.